Yesterday, our Mobile Threat Report, covering the 4th quarter of 2011, was made available for public release, and now we share it with you. Past reports have been produced for internal use; this is our first external release.

Around half a dozen analysts contributed to the Q4 report (and it looks great, thanks to folks on our graphics team).

MTR-Q42011: 32 pages of analysis which includes plenty of interesting details.

The bill (S.2105) is designed to protect critical infrastructure such as water, energy, and transportation. It directs the U.S. Department of Homeland Security (DHS) to coordinate with network operators on developing security standards. A related bill, the "Cybersecurity Information Sharing Act of 2012" (S.2102), was introduced on February 13th.

Naturally, civil liberties groups such as the EFF and EPIC examined the legislation. They say it's too broad.

Whatever else there is to say about the Cybersecurity Act of 2012, it was a bit surprising to read in CNET's article that "there is no definition of 'crime'." After all, the definition of "cybercrime" has been established for years now.

Thomas, the U.S. Library of Congress's legislative archive, provides 27 results when searching for the term "cyber".

Senator Gillibrand's bill is a rather concise (and quite readable) four pages and clearly references the Council of Europe's Convention on Cybercrime. The Convention on Cybercrime is also referenced by the longer (40 page) Cybersecurity Act of 2012. It's not as easy to locate, but it's there.

The Convention on Cybercrime treaty was prepared by CoE members and Canada, Japan, South Africa and the United States in 2001. The treaty has been in force since 2004.

Final note: rather than worry about the definition of "crime", we would suggest that the greater concern to citizens can be found in the Cybersecurity Information Sharing Act of 2012's Section 7.

SEC. 7. LIMITATION ON LIABILITY AND GOOD FAITH DEFENSE FOR CYBERSECURITY ACTIVITIES.

Limitation on liability?

Translation: If "Little Brother" shares your information with third-parties, causes you harm, but is wrong about the security risk — Little Brother isn't liable as long as it acted in "good faith". Limitation of liability essentially encourages a "shoot first and ask questions later" approach to cybersecurity.

Doesn't sound good.

P.S. Limitation of liability (a.k.a. immunity for taking voluntary action) is also prevalent in SOPA.

Scientific American's March issue has an intriguing article which explores the efforts of digital activists to circumvent corporate and governmental control over the Internet. The aim of the moment is to configure and build a decentralized mesh network that cannot be blocked, filtered or turned off.

Egypt's Internet shutdown during last year's Arab Spring played a significant inspirational role.

Image: Scientific American Magazine

With a "shadow" network configured, activists would remain able to communicate, even after central hubs have gone dark.

Another fascinating addition to all of this is Scientific American's Science Talk podcast: The Coming Entanglement [MP3].

In the podcast, SA editor Fred Guterl talks with Bill Joy and Danny Hillis about the need to build an alternative, hardier network due to the ever increasing complexity of our current Internet (which makes it ever more prone to unexplained failures).

Joy and Hillis envision a simpler, more robust network as a way to shelter some of our critical infrastructure from entanglements.

Nightline, a U.S. news program, will air what's being billed as a special episode this evening on the ABC network. In it, Nightline Co-Anchor Bill Weir will tour Foxconn's factory floor. If you haven't heard of Foxconn, they're the company that manufactures devices such as iPad, iPhone, Kindle, PlayStation 3, Wii, and the Xbox 360.

Weir's invitation to visit "Apple's factory" in China is in part due to growing consumer pressure. Several weeks ago, This American Life, a production of Public Radio International, aired a segment of The Agony and the Ecstasy of Steve Jobs by monologist Mike Daisey. In the story, Daisey, a self-described super fan of Apple, traveled to China to see where his iPhone was made.

Edited on March 20th: This American Life has retracted Mike Daisey's story. The Retraction episode is now embedded below.

After Mr. Daisey and the Apple Factory aired, social activist groups such as change.org and sumofus.org then organized petitions for Apple to make an "ethical" iPhone. The groups recently delivered over 250,000 signatures to Apple's flagship store in New York.

And so now Foxconn has reached its "Nike moment" (a reference to Nike's PR troubles in the 1990s) and has invited Nightline to tour its facilities to provide more transparency. You can read a preview of the report here: A Trip to The iFactory.

Also of note, Foxconn promised a 25% raise to employees yesterday.

So, what's the lesson of the story?

Our thoughts… looks to us like social activism is superior to hacktivism.

Updated to add: Readers outside of the United States will likely see this if they attempt to view full episodes of Nightline.

However, you can listen to the full episode right now via Nightline's podcast feed.

AT&T recently released a film from its archive called "Computer Security: You Make The Difference".

While you might chuckle at the 1990s music and production values, the truth is this: many of the basic issues that the video (which is a series of films stitched together) attempts to illustrate are still with us today, 22 years later.

Yesterday, Apple released Mac OS X Mountain Lion Developer Preview. From a security perspective, its most interesting new feature is Gatekeeper, which restricts installation of downloaded applications based on their source.

The default setting is reportedly "Mac App Store and identified developers" which means that developers will have to sign up to Apple's Mac Developer Program ($99 annual fee) if they want to reduce friction. Based on the text in the image below, it seems that even if users opt to install from "Anywhere", Mountain Lion may still nag users that the application doesn't have a Developer ID associated with it.

And that certainly is not a bad thing, at least in terms of system security. Developer fees and installation prompts will almost certainly create overhead costs that steer Mac's ecosystem towards security.

Gatekeeper also begins to solidify Mac's walled garden.

In the future, when Apple decides to further close its platform, device drivers could also be required to use Apple Developer IDs. Apple is famous for its focus on user experience, and it isn't really very difficult to imagine it revoking third-party peripheral drivers in order to "secure" that experience.

No matter how many times I view the image below, I keep reading it as: more control – over – you.

Cryptome.org is a website that has focused on publishing information about freedom of speech, cryptography, spying, and surveillance. In many ways, Cryptome is similar to WikiLeaks, except it has been operating since 1996. The site is run by a New York-based architect named John Young.

Cryptome has just announced it has been hacked. The hack planted an attack script on every page of Cryptome. This script used the infamous Blackhole toolkit to gain access to vulnerable computers that visited www.cryptome.org.

The attacker is not known. Neither is the mechanism that was used to breach Cryptome.

Updated to add: The post has been modified. The attack script specifically avoids targeting IP addresses from Google, to prevent Google Search from blacklisting the site. Originally this post speculated that the script worked the other way around, and that the attack was targeting Google. It wasn't. Sorry for the confusion.

During the call, which is currently posted on YouTube, members of the USA's FBI can be heard discussing several Anonymous and LulzSec related cases with investigators from the UK.

Today's leak helps explain just how "Anonymous Sabu" (leader of the LulzSec group) appeared to have insider information regarding the postponement of the trial of Jake Davis, a.k.a. Topiary (a LulzSec member), on January 27th.

Sabu appeared to have some sort of insider information.

And in fact, he did… Topiary's trial date and its delay were discussed during the conference call.

Anonymous has promised additional FBI related releases today. Those could also be quite interesting as it appears that the e-mail of an active member of the FBI has somehow been compromised…